
Victim loses $330K to phishing scammers 408 days after signing approval

2d ago

According to a report from Scam Sniffer, a Web3 anti-scam platform, one person just got drained of $330K because of a phishing approval, one that they interacted with more than a year ago. 

According to Etherscan, the victim lost a total of $329,743 in AAVE tokens to the exploit. One of the most peculiar facts about this case is that the phishing approval was signed 408 days prior, on February 10, 2024, at 12:51 AM UTC, giving the scammer access to the victim’s wallet.

The theft did not occur until March 24, 2025, at 12:35 AM UTC, when the attacker transferred 1,999.23 AAVE tokens, valued at $329,743, in a single transaction.

Prior to the theft, the targeted wallet held $527,498 in AAVE. By the time the hacker was done, the victim had only $197,755 left.

The victim signed the phishing approval 408 days ago. Source: Etherscan

The wallet contained other assets, including LPT. However, the hacker only moved the victim’s AAVE tokens, as it was the only token targeted in the transfer.

The hacker is yet to be identified, and the victim has limited options to recover the stolen funds as of now.

Approval phishing scams are a serious threat to crypto holders

According to a report from Chainalysis, the crypto space has lost about $1 billion to approval phishing scams since May 2021, with $374 million lost in 2023 alone.

While approval phishing as a scamming tactic has been around for many years, scammers historically targeted crypto users via the spread of fake crypto apps. Their techniques have become even more effective as the space evolves.

Usually, scammers trick victims into sending them cryptocurrency via a phony investment opportunity or by impersonating somebody else. In an approval phishing scam, however, the scammer tricks the user into signing a malicious blockchain transaction that gives the scammer’s address approval to spend specific tokens from the victim’s wallet. The scammer can then drain the victim’s address of those tokens at will.

Generally, approval phishers send the victim’s funds to a separate wallet from the one granted approval to make transactions on the victim’s behalf. The on-chain pattern typically sees the victim address sign a transaction approving the second address to spend its funds, after which the second address, an approved spender address, executes the transaction to move the funds to a new destination address.
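The on-chain pattern described above can be checked for mechanically. The following Python sketch is an added example, not code from Scam Sniffer, Chainalysis or the article's author. It runs over constructed, simplified event records: the addresses are placeholders, the `tx_from` field is an assumption, and the timestamps and AAVE amount are the ones reported above.

```python
from datetime import datetime, timezone

UTC = timezone.utc
# Constructed, simplified event records. Addresses are placeholders; timestamps and
# the AAVE amount are the ones reported in the article. "tx_from" (the transaction
# sender) is an assumed field: an ERC-20 Transfer log does not carry it, so a real
# pipeline would join it in from the transaction itself.
EVENTS = [
    {"type": "Approval", "owner": "0xVICTIM", "spender": "0xSPENDER",
     "value": 10**9, "time": datetime(2024, 2, 10, 0, 51, tzinfo=UTC)},
    {"type": "Transfer", "from": "0xVICTIM", "to": "0xEXCHANGE", "tx_from": "0xVICTIM",
     "value": 5.0, "time": datetime(2024, 6, 1, 9, 0, tzinfo=UTC)},
    {"type": "Transfer", "from": "0xVICTIM", "to": "0xDEST", "tx_from": "0xSPENDER",
     "value": 1999.23, "time": datetime(2025, 3, 24, 0, 35, tzinfo=UTC)},
]

def find_delegated_drains(events, stale_days=30):
    """Flag transfers executed by an approved spender rather than the token owner."""
    approvals = {}   # (owner, spender) -> time of the latest non-zero approval
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["type"] == "Approval":
            key = (ev["owner"], ev["spender"])
            if ev["value"] > 0:
                approvals[key] = ev["time"]
            else:
                approvals.pop(key, None)   # approve(spender, 0) revokes the grant
        elif ev["type"] == "Transfer" and ev["tx_from"] != ev["from"]:
            granted = approvals.get((ev["from"], ev["tx_from"]))
            if granted is None:
                continue                   # sender holds no known approval
            age = (ev["time"].date() - granted.date()).days
            findings.append({
                "owner": ev["from"], "spender": ev["tx_from"], "destination": ev["to"],
                "value": ev["value"], "approval_age_days": age,
                "separate_destination": ev["to"] != ev["tx_from"],
                "stale_approval": age >= stale_days,
            })
    return findings

if __name__ == "__main__":
    for finding in find_delegated_drains(EVENTS):
        print(finding)
```

Adding an `Approval` record with value 0 for the same owner and spender before the final transfer removes the finding, which is the effect a revocation has on a dormant approval.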

Taylor Monahan (aka @tayvano_), principal security researcher for MetaMask, is one of those tracking romance scam-style approval phishing with a custom Dune Analytics dashboard.

Taylor Monahan shared an example of a phishing email. Source: @tayvano_ (X/Twitter)

Victims of these romance scammers have reportedly lost approximately $1 billion to approval phishing scams since May 2021. It’s crucial to note that the $1 billion total is an estimate based on on-chain patterns. Some of it could represent the laundering of funds already controlled by the scammers.

This is because romance scams go notoriously underreported, and the analysis that yielded those results began from a limited set of reported instances.

It is believed that the vast majority of approval phishing scams are carried out by a few very successful actors, and addressing the problem can be done in various ways, from user education to employing pattern recognition tactics.
